On Mon, Aug 19, 2013 at 10:32:27PM +0100, Rowland Penny wrote:

> >If you want to return
> >a particular single address for each user, you need to select a
> >result attribute that contains *only* that address.
>
> That is what I was trying to do, do a search of a group, get its
> members and return the 'otherMailbox' from the group members that
> contain the members CN@%d.

There is no reasonable expectation that an LDAP query will return a subset of the requested attribute values. LDAP returns the totality of the requested attribute values for all entries that match the query filter. The LDAP query language is much more limited than SQL.

> But from what you are saying, this is not possible and whilst I can
> search via the group, I will get every 'otherMailbox' attribute
> under every member of the mailgroup and there is no way to fix this.

Yes, naturally.

> I will have to rethink this, there must be another way of getting
> what I want, this is after all unix ;-)

Unix has little to do with it, this is LDAP. If you are querying LDAP live, you are limited by the capabilities of LDAP. The Postfix LDAP driver does not add a filter language to post-process LDAP results. So LDAP is what you get.

> >AD allows you to extend the schema. If nothing suitable is available,
> >you can populate a custom attribute.
>
> The problem with AD is that whilst it is a version of LDAP, it is a
> very bastardized version, moulded by MS to do what they wanted to
> do, you cannot do with AD what you can do very easily with LDAP.

This is a poor excuse. I've extended the AD schema with custom attributes holding email addresses, it is relatively simple to do.

I am still puzzled why you don't want to use "mail" as the leaf result attribute. This will return one address per mailgroup user.

If you are looking to add users to groups in such a way that the member address depends on the group's domain, you've likely made a design error somewhere else that is forcing you to jump through hoops. All groups a user is a member of should route mail to the same address or set of addresses for each user.

--
Viktor.
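
An added illustration, not part of the thread and not Postfix code: a small Python model of the group expansion discussed above, showing that a multi-valued leaf attribute comes back in full for every member while a single-valued one yields one address per member. The directory contents, DNs, addresses and function names are all constructed for the example, and the model simplifies real LDAP searching to an equality match.

```python
# Constructed in-memory directory; every DN and address here is made up.
DIRECTORY = {
    "cn=staff,ou=groups,dc=example,dc=com": {
        "mail": ["staff@example.com"],
        "member": ["cn=alice,ou=users,dc=example,dc=com",
                   "cn=bob,ou=users,dc=example,dc=com"],
    },
    "cn=alice,ou=users,dc=example,dc=com": {
        "mail": ["alice@example.com"],
        "otherMailbox": ["alice@example.com", "alice@example.org",
                         "alice@example.net"],
    },
    "cn=bob,ou=users,dc=example,dc=com": {
        "mail": ["bob@example.com"],
        "otherMailbox": ["bob@example.com", "bob@example.org"],
    },
}


def search(attr, value, wanted):
    """Model of an LDAP search with an equality filter.

    For each matching entry, *all* values of each requested attribute are
    returned; the caller cannot ask for only some of an attribute's values.
    """
    for dn, entry in DIRECTORY.items():
        if value in entry.get(attr, []):
            yield dn, {a: list(entry.get(a, [])) for a in wanted}


def read_entry(dn, wanted):
    """Model of a base-scope read of one DN: again, whole attributes only."""
    entry = DIRECTORY.get(dn, {})
    return {a: list(entry.get(a, [])) for a in wanted}


def expand_group(address, leaf_attr, special_attr="member"):
    """Follow member DNs of the group matching `address` and collect
    leaf_attr from each member. No step filters individual values."""
    recipients = []
    for _dn, attrs in search("mail", address, [special_attr]):
        for member_dn in attrs[special_attr]:
            recipients.extend(read_entry(member_dn, [leaf_attr])[leaf_attr])
    return recipients


if __name__ == "__main__":
    print(expand_group("staff@example.com", "mail"))
    print(expand_group("staff@example.com", "otherMailbox"))
```
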